Fallos del tipo CWE-20

4743 resultados
CVE-2023-24304HIGHImproper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF fileEPSS 0.4%CVE-2026-26062HIGHFleet server may terminate unexpectedly when handling certain gRPC requestsEPSS 0.4%CVE-2023-48425CRITICALU-Boot vulnerability resulting in persistent Code Execution EPSS 0.4%CVE-2026-45556CRITICALRoxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`EPSS 0.4%CVE-2025-30649HIGHJunos OS: MX240, MX480, MX960 with SPC3: An attacker sending specific packets will cause a CPU utilization DoS.EPSS 0.4%CVE-2025-15375MEDIUMEyouCMS arcpagelist Ajax.php unserialize deserializationEPSS 0.4%CVE-2025-20389MEDIUMImproper Input Validation in "label" column field in Splunk Secure Gateway AppEPSS 0.4%CVE-2025-34072CRITICALAnthropic Slack MCP Server Data Exfiltration via Link UnfurlingEPSS 0.4%CVE-2026-41654MEDIUMWeblate is Vulnerable to Authenticated SSRF via Project Backup Import bypassing validate_repo_urlEPSS 0.4%CVE-2026-39868CRITICALThis issue was addressed with improved input validation. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app mayEPSS 0.4%CVE-2024-33996MEDIUMmoodle: broken access control when setting calendar event typeEPSS 0.4%CVE-2024-32990MEDIUMPermission verification vulnerability in the system sharing pop-up module Impact: Successful exploitation of this vulnerability will affect EPSS 0.4%CVE-2026-0543MEDIUMImproper Input Validation in Kibana Email Connector Leading to Excessive AllocationEPSS 0.4%CVE-2024-3488MEDIUMFile Upload vulnerability in unauthenticated session found in iManager.EPSS 0.4%CVE-2026-35081HIGHArbitrary process termination vulnerability in method ugw-logstopEPSS 0.4%CVE-2023-28733HIGHStored XSS affecting the AcyMailing plugin for Joomla EPSS 0.4%CVE-2026-48203CRITICALApache Camel: Camel-Solr: The SolrParam. and SolrField. Exchange header prefixes used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to inject Solr query parameters (server-side request forgery) and document fieldsEPSS 0.4%CVE-2025-47968HIGHMicrosoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2023-4552MEDIUMJava Database Connectivity (JDBC) URL ManipulationEPSS 0.4%CVE-2026-48205CRITICALApache Camel DNS: The dns.* and term Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to influence internal behaviourEPSS 0.4%